BUFFER OVERFLOW VULNERABILITIES
CPSC 620 Presentation
Basic structure of process memory
Polyspace C Verifier
Buffer overflows account for about 50% of the vulnerabilities reported by CERT.
According to National Vulnerability Database (NVD) CVE statistics, 563 buffer overruns were detected in 2008, and 431 buffer overruns out of 4,634 vulnerabilities were detected in 2009 till
Educate “Future” software programmers.
Buffer: a temporary space in memory used to hold data.
Buffer Overflow: happens when the data written into the buffer is larger than the size of the buffer. In turn overwrites adjacent
SAMPLE BUFFER OVERFLOW FUNCTION
VIRTUAL ADDRESS SPACE
A LOOK AT THE STACK
OVER WRITING THE “RETURN ADDRESS”
printf("This is not to be run\n");
CANARY METHOD TO DETECT BUFFER
Stack canaries are used to detect a stack buffer overflow before execution of malicious code can occur.
This method works by placing a small integer, whose value is randomly chosen at program start, in memory just before the stack return pointer.
Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer (and thus take control of the process) the canary value must also be overwritten. The function checks the canary before it returns, and a changed canary means the buffer was overrun.
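The following C program is an added example, not code from the slides. It models the stack layout just described (buffer, then canary, then saved return address, at increasing addresses) as a plain byte array, so the canary check can be exercised with defined behaviour rather than a real overflow; the fixed CANARY value and the addresses are constructed stand-ins for the random per-run canary and a real return address.

```c
/* Added example: simulated stack frame with a canary guarding the
   saved return address. Layout, low -> high addresses:
   [buffer BUF_SIZE bytes][canary 8 bytes][return address 8 bytes]. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 16

/* Simulated frame held in one array so every write stays in bounds. */
typedef struct {
    uint8_t bytes[BUF_SIZE + 2 * sizeof(uint64_t)];
} frame_t;

/* Constructed constant standing in for the random canary chosen at start. */
static const uint64_t CANARY = 0xC0FFEE00DEADBEEFULL;

/* Lay out the frame: zeroed buffer, canary, then the saved return address. */
void frame_init(frame_t *f, uint64_t return_addr) {
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_SIZE, &CANARY, sizeof CANARY);
    memcpy(f->bytes + BUF_SIZE + sizeof CANARY, &return_addr, sizeof return_addr);
}

/* Unbounded copy, modelling strcpy-style code that trusts the input length.
   Writes run upward from the buffer, so an oversized input reaches the
   canary before it reaches the return address. */
void unbounded_copy(frame_t *f, const uint8_t *src, size_t len) {
    if (len > sizeof f->bytes) len = sizeof f->bytes; /* keep the model in bounds */
    memcpy(f->bytes, src, len);
}

/* Bounded copy, the recommended practice: reject input larger than the buffer. */
bool bounded_copy(frame_t *f, const uint8_t *src, size_t len) {
    if (len > BUF_SIZE) return false;
    memcpy(f->bytes, src, len);
    return true;
}

/* The check a canary-protected function performs just before returning. */
bool canary_intact(const frame_t *f) {
    return memcmp(f->bytes + BUF_SIZE, &CANARY, sizeof CANARY) == 0;
}

/* Read back the saved return address to see whether it was clobbered. */
uint64_t saved_return_addr(const frame_t *f) {
    uint64_t ra;
    memcpy(&ra, f->bytes + BUF_SIZE + sizeof CANARY, sizeof ra);
    return ra;
}
```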
STATIC ANALYSIS TOOLS
ARCHER: symbolic, interprocedural,
BOON: integer ranges, interprocedural for string functions.
Polyspace C Verifier: abstract interpretation,
SPLINT: lightweight static analysis,
UNO: model checking, interprocedural,
DETECTION AND FALSE ALARM RATES
System      Detection rate   False alarm rate
PolySpace   0.87             0.5
SPLINT      0.57             0.43
BOON        0.05             0.05
ARCHER      0.01             0
UNO         0                0
No software can be 100% bug free.
Buffer overflows can be reduced by enforcing better programming practices from the very early stages of Software
Some of these are:
- Use of wrappers
- Training software programmers with 'Good' programming
- Use of memn*() functions instead of str*() functions
- calloc() instead of malloc()
- Proper free()ing of memory, etc.